Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 75.2%